Broadcom Payment Security Reviews

We found that we were able to give much improved customer service and improved fraud prevention. It improved commercials. Commercials were a big factor. The opportunity to do an improved customer service offering in changing the way that we approached the process, almost shaking it up a little bit, and having an opportunity to rethink what we did.

Keep them what they are doing at a time when they are growing to be able to keep that one to one support for us when other people are starting to come aboard and realize the benefits of moving to CA. We want them to be able to keep up that level of relationship management with us.

There is always room for improvement, but we really don't have any complaints in our office. We work well with CA.

There is always room for improvement. For example, there have been service outages/incidents and work has to be chased, for completion or comment

Our first anniversary is coming up, so one year.

It is all within our contractual SLA. Anything that we had, has been a blip. How that has been handled has been brilliant.

We've had a lot of attention on any small bits that we had to report in. We've been hand-held throughout. We've had regular meetings, one to ones. It's all been great.

We are in the process of collaborating with CA at the moment on a proof of concept for further developing our syndication in the long term to further enhance the customer experience.

They are excellent. They do one to one marking. Their reaction to our needs, whether it be from email queries, full on technical support, or running proof of concepts; their ability to work with us is great. We really feel that we have got a one to one relationship management setup with them. They're brilliant.

The migration was very straightforward. I think, all-in-all, it took us about 12 to 15 weeks, post-contract, for us to migrate. So, it was very easy, with a lot of support.

We currently are migrating to CA. We're coming from a legacy model. We only have simple functionality, in terms of what we are going to do for challenging fraud.

Overall, there's a strategy to reduce that. It's kind of a new within our commercial book. CA has been recognized as being the leader within the commercial sector. Hence, there's a move to move towards these best practices.

Unifying operational changes around highlighting. If you highlight one item, it will highlight the one card that's affected across the board.

Unifying that functionality across all areas of the components that operations would use would be really good, giving them a great landscape to work with. Can you see all of it on one screen and is it clear?

One thing we are going through right now is looking at the legacy system and seeing where that information from the audit area would be getting back to an agent.

They are used to seeing something that they're adopting in the new system. Are they going to see the same thing? If not, do they need to see it?

Challenging the operations as well, rather than just saying, "The product doesn't give us what we need, therefore, we need to change it".

The legacy platform's been there for 13 years. The improvements we've done from the colleague or a customer side of things has been limited. I joke when it says your Internet Explorer options needs to be 5.5 and above. That gives you some idea of how often we update the site.

For customers and colleagues, there's a good length of engagement we've had with them to make sure that they are fully immersed in what we're doing.

The reduction in operational impacts improves customer journeys. We have got a whole emphasis that the organization works for, of bringing in more digital experience to customers, as most probably the industry has as well.

RTS feedback today says you've got to look at virtual and pre-paid. We would keep the working assumption that it wasn't going to be in scope for us and that it was just going to be physical.

Virtual is possibly our largest growing segment within the commercial portfolio. We concert more business and large corporations. It's very diverse.

The scale of it is in terms of options we can give to customers, in line with operational impact against the fraud reduction will be absolute paramount to what we need to do going forward.

It's purely been from a technical implementation respect, but we had a few curve balls thrown at us by our own internal governance. They have literally taken everything on board and said, "We can't do it this timescale, but we can work to this".

So, it's constantly proactive. We're constantly engaging with them backwards and forwards and saying, "Can we do this?" We always throw the curve balls at them. We always were, especially, with the new releases.

We're doing this for our third-party as well. As a team, it's successful with everybody playing their part and they have been there at the forefront defining new stuff, suggesting things around strategy where we don't have the experience, and we don't have the current data. It's a fresh book that we are looking at.

Let's put it this way, it's like going from Larder to a Ferrari. People laugh when I say that, but at the end of the day, it's more intuitive.

The customer experience is better. We are going for a light to light design to where we are still using impartial password. But, it gives us the foundation to move forward into something that we want to do and know where the business wants to go. We're seeing it as a commercial opportunity above and beyond the fraud savings that we're looking to generate.

There are a few unique things that we're looking at around access controllers for internal purposes, for audit. It's not an out-of-the-box functionality. We don't have reports. It's got to be automated.

Again, it was a new requirement. We've put it across. These guys are working to do it and our US operation has requested the same thing, because it came across the group and they are working with us.

They want to put this on their roadmap and say, "How can we facilitate you?" Considering as we're a new customer, we'd talk about the innovation that they're doing around risk analytics.

I think if we had gone to the old systems, our operational errors might push back a lot harder. But seeing what they are doing within it and the support we do get with the training and the level of engagement, they want to support us with the strategy where we might not have that skill set yet.

We're building as a new team. They have been absolutely paramount of any conversation we have with the business.

The way I see it, with the MI coming up to bat, that is what will drive anything, whether it's a customer journey, an operational change, or just the fraud strategy and the engagement.

From a professional element, knowing their stuff and just seeing them today talking from a data science perspective, these guys know what they're talking about. It seems really, really engaging.

When looking for a vendor, I look for communication and innovation.

Communication: Somebody you can actually work with, talk to, and get along with. We're not developing any code ourselves. The implementation changes that we are doing are literally being done between a third party vendor and a strategic partnership with CA.

We are the customer, but we are working alongside them, because obviously the operational impacts and building the strategy is from the ground up.

And you need to put scheme involvements in there. There are five third-parties that I'm dealing with on a day to day basis. CA has very much unified that. They have brought their experiences together with the schemes books. We own that relationship, so we have to drive the changes.

We couldn't ask for anything more, really. They really have unified that element given their experience. Going forward, we are looking to build our own roadmap against what regulation changes are coming up.

If it all goes well and we get our numbers down, then we can talk again for a higher rating.

For a bank, we've seen transactions move to e-commerce. We needed a solution that would protect the bank and protect the bank's cardholders, and that's what this solution gives us.

I think some of these are outside of CA's control. We work in a regulated environment, so we've got our financial regulators setting standards. We've got the major card scheme setting standards for us. It's really how CA can respond to those changes that we see coming down the tracks from the schemes or from the regulators. It is how CA shapes their products to meet those changes.

We've been using this solution for about five or six years, and we've made some changes to it in the last year or two.

It's quite stable. No solution is going to be 100% up, but in terms of what we've seen, we've been quite happy.

For our bank, we've experienced rapid growth and transaction volumes. We've seen no issue with scalability.

They would have had their pre-sales team in to our technical resources. Once you have got yourself, as a bank or as a company, set up so that you can work with them, that's when you actually get the benefit.

It's important to get the skills transfer when you're going live. The CA guys clearly know their solution. It's important that your own teams get that knowledge when you're going live.

We've been happy with CA. We're aware of other solutions, but we haven't looked at them.

They need to do their own research and understand what issues they're trying to fix in their organization. Different organizations have different issues that they want to fix and remediate.

Once they identify those issues and they're clear about what they're fixing, then you can work with CA to target the product to fix the problem that you're trying to address.

They are a leading company in this space. I think we've been very happy with this solution. Their expertise is very good.

When selecting a vendor for any solution, you're looking for the right product set and the right price, but critically, you're looking for the right people. Not everything works out to be as smooth as you'll always hope for. You really need a relationship that you can fall back on and actually discuss issues when they arise and fix them.

It's the security and protection it offers our customers. They trust it. I know sometimes people will say that verified by Visa can be an inconvenience, but our customers like to use it. They like to see it on the screen, so that is a big benefit for our customers.

Where we are based, we are very rural, so the mobile phone signal can be very poor. There's something like adding LTP to your landline would be perfect for a lot of our customers.

That's the one complaint we have had is the lack of mobile signal. They won't get their LTP so that would be a big step forward for us. It's something we've discussed with CA. They know that it's something we're interested in so hopefully we'll work with them on that in the future. That will be a big plus.

It's more the fact the mobile signal isn't that great and you've got to move with the times. SMS technology is the way to go. If there's something unique that we could offer our customers, that would give them the confidence in us as a business. That would really help.

Apart from that, I've got no negatives to say really. It's just if they could offer something specific for our customer base. That would be really good.

We have used this solution about five or six years now.

That's one of the things in the contract is the SLAs and they ticked the box every time. So I have no concerns around that whatsoever. They're spot on.

It has grown. We moved from the initial implementation to use LTPs just a year and a half ago so that was part of the same solution.

Again, that's been a big win with our customers and that is more scope for us to move on with regulation over the next year to a year and a half, so definitely CA offer what we need.

We don't get in touch with them that often because the service is so good. But the email contact is spot on. We get a quick turnaround.

We do get advised of upgrades well before anything happens. So far, with the limited touch point we've had with them, I can't fault them either.

That's a difficult one for me because I wasn't with the firm when implementing the first rollout. But the second phase was very good. The support that we got from the project side for the business was excellent.

I can only assume it was as good first phase. Otherwise we might have looked at other products or another solution. I haven't heard anything untoward about the first implementation.

It depends on the scope and the size of your business. For us, being small, we're a small firm, Transaction Manager ticks our needs. But if you've got a bigger customer base, maybe more cards out there, maybe more fraud, CA can offer all the tools and technology that you need.

I would choose the tools that you want based on your customer needs, not your fraud loses. There's no point in spending thousands of pounds on a huge solution when actually one of the smaller solutions can meet your needs. We found that quite valuable for us.

It sounds funny, but when looking for a vendor, we've got to get on with the firm. We've got to have a similar culture to our business. Come and visit us. We're quite remote where we're based, so I think to come and have a face to face meeting, that's a big tick in the box without all these conference calls. If CA would do that for us, that's a big win.

We have to get on with the sales person and the project managers. We like the close relationship. That's part of our business is financial services. It's dealing with customers and we like that from our vendors as well. We like the close relationship. That's probably one of the biggest things we look for.

The cardholder configurations and reporting options are the most valuable features.
The user interface is easy to follow and the available options are useful.

An area of improvement for this product would be the ability to view more transactional data to determine the cause of a failed transaction. The current data fields are very limited.

Also, the cardholder experience is not so user-friendly. There are consistent issues with registration and usage of the product.

We have utilized this product for a little over 18 months; less than 2 years.

We have not had stability issues.

We have not had scalability issues.

The technical support team is professional and attentive to our needs and concerns. Issues are resolved in a timely manner with the appropriate follow-up.

We didn’t have a previous solution. We converted as a MasterCard customer.

Setup was straightforward, but I’m not sure if that was because we were a MasterCard customer using the service already.

At this point, I would implement other options due to improvements and MasterCard regulations regarding Identity Check and 2.0.

E-commerce security validations and reporting.

The risk of fraudulent transactions increases when the transactions are done online (e-commerce).CA Transaction Manager helps us ensure the source of e-commerce transactions is a valid merchant and customer.

The deployment process needs to be updated to ensure the base code does not involve details of other clients.

I have used it for around 5-6 years.

We did not encounter any issues with stability.

We did not encounter any issues with scalability.

I rate technical support 4/5.

We did not have a previous solution.

Initial setup of the solution proposed is straightforward.

This is a good product, which is easy to deploy and has lot of user friendly features.

This solution has ensured 100% security for our online card transactions.

We are still unable to implement OTP through email using this solution. That is probably because we are using a Gmail server for sending email. However, I would like to find a solution to send OTP through our email server.

We have used this service for about one year.

We have not had any stability issues yet.

We have not had any scalability issues yet.

I would rate technical support very high. We have faced very few technical issues, but we received prompt support every time.

The installation was straightforward without any hiccups. CA assigned an experienced project manager for us who guided us expertly. We were able to implement the solution smoothly.

At present, we are using ACS server of CA for our 3D Secure Transactions.

This solution is used for our card-not-present transactions. During
transactions, ACS sends a One Time Password (OTP) to the cardholder for verification.

We wanted to send this OTP to the cardholder through both
Mobile and email. We have implemented only OTP through mobile. OTP
through email could not be implemented due to 2 steps authentication in our
email server (we are using a Gmail server).

We are going to use our own email server domain instead of Gmail server.
Once it is done, we would like CA to help us to implement the OTP
sending through email.

I would advise others to go for CA products. The pricing is reasonable.

We evaluated other products. One of them was SunGard’s Ambit and the other one was from a local vendor name Aamra.

Card issuing/acquiring institutes must implement this product to secure their cardholders. The CA solution is a world-class product and others should consider using this solution.

The valuable features are:

• A robust DeviceID technology.
• Real time rule writing.
• A high level of versatility in rule variables that allows for a greater degree of customization and optimization.
• Strong model performance that allows you to focus on prevention rather than detection.

This product has improved our organization as follows:

• Helped reduce 3-D Secure losses to one of the lowest in the industry while having minimal customer impact.
• Enabled us to cut the 3DS losses in half, while declining 33 basis points of transactions. Twelve basis points of the 33 was fraud, i.e., a false positive rating of 1.8 to one.
• Developed new operational processes on the back of additional intelligence provided by the system. This helped reduce account takeover.

All 3DS systems assess the risks of all transactions, including closed cards. This drives additional workload for operations. Having said that, CA’s partnership with several authorization providers, such as TSYS, will help us to eradicate this issue.

These 3DS secure systems act independently from a bank’s man authorisation system ( Falcon, TSYS, SAS Raptor etc), and as a result they end up in position where they end up attempting to authenticate transactions that are closed card as they have no visibility of these type of statuses.

This essentially means that these fraud system generate alerts on closed card , wasting operational resource. This is the same for all systems in this space inc RSA.

Having said that there have been recent developments in this space that have allowed authorisation platform to work together with the 3DS system via an API. Meaning that the 3DS system can pass the data to the Authorisation system who in turn will make the decision, instead of the decision being made via a 3DS platform. One example of this is the TSYS/CA relationship.

I have used this solution for six years across multiple organizations.

In the first two years, there were several issues with stability. In particular, there were card numbers that were not always visible. However, these issues disappeared around 2014 when CA decided to get more resources to assist them with system management.

There were no issues with scalability. The first bank group I worked with started with 8 million cards being covered. This was expanded to 16 million with no detrimental issues.

Of the third-party providers that I have worked with, the technical support of this solution is up there with the very best. They are easily approachable. There is no risk of your issue getting lost in an operation center. The relationship managers are very hands-on. As a result, it feels like they are on the journey with you.

We used RSA as an alternative solution.

The setup itself was fairly easy, with plenty of support from the project team in regards to testing. The main challenge was internal, where operation sites required training and were hesitant in changing their way of working. CA offered project management resources in the event that the bank needed support to train their staff.

The price is very competitive. If you deal directly with CA, they are considerably cheaper than the competitors. This may vary in cases where they partner with an authorization platform such as TSYS or FICO. In these scenarios, you may notice a premium hike on your setup and monthly running costs.

We reviewed RSA Adaptive Authentication for eCommerce.

Have a dedicated project manager who will be responsible for direct dialogue with the CA project manager. Ensure that all stakeholders go to that single point of contact to avoid any potential slowdowns.

Make sure that all CA Risk Analytics data is pushed into your data warehouse daily. The out-of-box tool kit is good for providing a high-level view. However, you cannot carry out in-depth analysis. To do this, the data must be pushed to your data warehouse where you can run analytical tools such as SAS to identify patterns and recommend new rules.